148 matches found
Invoking incorrect handling of HTML elements in foreign content in golang.org/x/net/html
...
CVE-2025-71249
This CVE entry is rejected/not used and does not represent an active vulnerability entry.
EUVD-2025-38066
A reflected XSS vulnerability exists in CMSimpleXH 1.8's index.php router when attacker-controlled path segments are not sanitized or encoded before being inserted into the generated HTML navigation links, breadcrumbs, search form action, and footer links. An attacker-controlled string placed in the...
EUVD-2006-1901
Malware in sbrugna...
EUVD-2019-3414
Malware in sbrugna...
EUVD-2012-3511
Malware in sbrugna...
EUVD-2022-2622
Malicious code in bioql PyPI...
EUVD-2024-53972
Malicious code in bioql PyPI...
CVE-2024-28593
The Chat activity in Moodle 4.3.3 allows students to insert a potentially unwanted HTML A element or IMG element, or HTML content that leads to a performance degradation. NOTE: the vendor's UsingChat page says "If you know some HTML code, you can use it in your text to do things like insert image...
HTML Element / Text not appearing correctly on Auth Window using Citrix Workspace App Native
When using CWA Native there was HTML Element / Text not appearing correctly on Auth Window. - Text was missing / Custom Banner was missing - Issue is not present when using MS Edge browser...
CVE-2025-30342
An XSS issue was discovered in OpenSlides before 4.2.5. When submitting descriptions such as Moderator Notes or Agenda Topics, an editor is shown that allows one to format the submitted text. This allows insertion of various HTML elements. When trying to insert a SCRIPT element, it is properly...
CVE-2025-30342
OpenSlides
CVE-2025-30345
OpenSlides CVE-2025-30345 affects OpenSlides versions prior to 4.2.5. The vulnerability arises in the chat_group.create action: while some HTML elements (e.g., SCRIPT) are filtered, others are not, and HTML entities are not consistently encoded when deleting chats or deleting messages, potentiall...
mavo DOM Clobbering vulnerability
A DOM Clobbering vulnerability in mavo v0.3.2 allows attackers to execute arbitrary code via supplying a crafted HTML element...
GHSA-FP3M-G5RC-4C28 Stage.js DOM Clobbering vulnerability
Stage.js through 0.8.10 allows DOM Clobbering with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript, because document.currentScript lookup can be shadowed by attacker-injected HTML elements...
CVE-2024-47885 astro's client-side router has DOM Clobbering Gadget that leads to XSS
The Astro web framework has a DOM Clobbering gadget in the client-side router starting in version 3.0.0 and prior to version 4.16.1. It can lead to cross-site scripting (XSS) in websites that enable Astro's client-side routing and have stored attacker-controlled scriptless HTML elements i.e., iframe tag...
GHSA-PF56-H9QF-RXQ4 Saltcorn Server Stored Cross-Site Scripting (XSS) in event logs page
Summary Event log data is not properly sanitized leading to stored Cross-Site Scripting (XSS) vulnerability. Details - file: https://github.com/saltcorn/saltcorn/blob/v1.0.0-beta.13/packages/server/routes/eventlog.js#L445 js router.get "/:id", isAdmin, errorcatcherasync req, res = const id =...
Saltcorn Server Stored Cross-Site Scripting (XSS) in event logs page
Summary Event log data is not properly sanitized leading to stored Cross-Site Scripting (XSS) vulnerability. Details - file: https://github.com/saltcorn/saltcorn/blob/v1.0.0-beta.13/packages/server/routes/eventlog.js#L445 js router.get "/:id", isAdmin, errorcatcherasync req, res = const id =...
Cross-site Scripting (XSS)
LayUI is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to DOM Clobbering caused by unsanitized attacker-controlled HTML elements, such as img tags with name attributes...
DOM Clobbering
Rollup is vulnerable to DOM Clobbering. The vulnerability is due to improper handling of import.meta properties in cjs/umd/iife formats, which allows an attacker to perform cross-site scripting (XSS) attacks through unsanitized HTML elements, like an img tag with an unsanitized name attribute...